[Fedora-directory-users] MD5 for password hashes

Del del at babel.com.au
Thu Nov 17 02:07:06 UTC 2005


> You do realize that MD5 has been _fully_ broken now, don't you? And I'm 
> not talking about dictionary attacks; I'm talking about a fast 
> mathematical attack vector on the algorithm itself.

This isn't really about storing MD5s for any length of time, it's about
migrating a bunch of existing MD5 hashes into the directory from another
directory that stores them (and doesn't support SSHA-512 or anything
similar).

Also, a couple of points:

* The MD5 hashes aren't publicly available.  To generate a collision
on a hash you have to have the hash, and if the server won't let you read
the hash then you're stumped.  Until, of course, you break the root
DN password of the DS, in which case the security of MD5 is the least
of your worries.

* The MD5 collision generators can generate (quickly) two strings that
have the same MD5 checksum.  We cannot (yet) quickly generate a string
that has a chosen checksum.  Manipulating a piece of data to have the
checksum you want (i.e. MD5 password cracking) is a hell of a lot more
difficult than finding a collision between two bits of random data.
The walls are down on this, though, and generating a piece of data with
a chosen checksum is probably a few years away.  Long enough to begin
and conclude a password migration strategy.

* It's still safer than storing clear text.

-- 
Del
